In many computer scenarios, a first computer-type entity provides some sort of computer-type resource to a second computer-type entity. As may be appreciated, each of the first and second entities may be a hardware or software entity, such as a computer program or executable, a computer storage device, a computer data server, or the like. Likewise, the resource may be raw data, a file with the raw data therein in some organized fashion, or the like.
Especially in the case where the resource is of especial value or is to be handled in accordance with pre-defined rules, the first entity or ‘resource provider’ may only provide the resource to the second entity or ‘resource recipient’ if the second entity or an associated entity proffers authentication information to the first entity and the first entity authenticates the second entity based thereon. For example, if a server at a banking institution (the first entity) is providing a security key (the resource) to a banking program at a user's computer (the second entity) by which the user can conduct banking transactions at the computer, the server may demand to have some assurance that the banking program can be trusted to employ the security key in a manner amenable to the bank.
That is, the server wants authentication information either from the banking program itself or an authenticator on behalf of the banking program that the banking program is of a certain type, running in a certain environment based on certain variables, and/or the like. Thus, the server in fact provides the security key to the banking program only after authenticating same based on the provided authentication information. Of particular importance, the server in authenticating the banking program based on the authentication information wishes to ensure that the banking program has not been altered in a way such as for example to misuse the security key, and also wishes to ensure that the banking program is operating is not operating in an environment where the security key can be diverted to or read by a questionable entity such as a thief.
A need exists, then, for a method and mechanism by which a computer program, executable, or other resource recipient can be provided with authentication information by which the resource recipient can be authenticated by a resource provider that is to provide a resource thereto. In particular, a need exists for an identity descriptor for describing the identity of the resource recipient to the resource provider, where the identity descriptor includes among other things a set of variables that describe the environment of the resource recipient and an authenticating signature or the like.